This article describes how to configure SAML2 as an authentication method in Templafy.
Prerequisites
Configuration
- Go to the Account tab in the left-side menu of the Admin Center
- Go to the Authentication tab
- Click on Add authentication method
- Type in the Authentication method ID
- Type in the Login button name
- Select SAML2 in the drop-down
- Follow instructions below based on the configuration selected (dynamic/manual)
- Configure Advanced Options (if necessary)
- Click Save
Authentication Parameters
Authentication Method Id
The Authentication method ID is a unique, non-editable value that identifies the authentication method itself. It is a required field and can be referenced as an installation parameter in a Templafy Desktop deployment or distributed via a Registry key. With this ID in place, users do not have to select an authentication method each time the Refresh Token is renewed, and the login completes silently without their interaction.
Login Button Name
This name will be shown to users when logging into Templafy, if multiple authentication methods are configured on the tenant. It is therefore imperative to give the button a meaningful and distinctive name to better guide users to the correct authentication method.
Advanced options
You can restrict access to specified email domains with the Restricted domains setting or restrict access based on the Discriminator claim name setting. You can also enter a Home realm to assist users in signing in.
Dynamic Configuration
With dynamic configuration, you do not have to maintain the metadata when it changes on the IdP's side. For example, if a new signing certificate is generated on the customer's side, Templafy fetches the updated information in real time without any user interaction; no manual change to the metadata in the authentication method settings is required.
- Metadata location = URL where you can access the metadata specific to the application.
- Entity ID = Uniquely identifies the application. IdP sends the identifier to the application as the Audience parameter of the SAML token. The application is expected to validate it.
Manual Configuration
With manual configuration, you have two options:
- Fill in the required fields manually by copy-pasting them from the metadata XML file.
- Enter the metadata URL and use the Fetch metadata button to extract the information for you.
- Metadata location = URL where you can access the metadata specific to the application.
- Entity ID = Uniquely identifies the application. IdP sends the identifier to the application as the Audience parameter of the SAML token. The application is expected to validate it.
- Single sign-on service URL = URL used by IdP to authenticate and sign on the user.
- Primary signing certificate (Base64) = Certificate used to sign the SAML tokens that are sent to the application. You need this certificate to set up the trust between IdP and the application.
- Secondary signing certificate (Base64) = A newly generated IdP certificate can be uploaded here in advance; Templafy will fall back to this certificate once the customer performs the switch on the IdP side.
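As an added example (not Templafy's own code, and not a description of how Templafy implements the Fetch metadata button), the following Python script shows what the manual configuration fields correspond to in an IdP metadata document: the IdP's entityID, the Single sign-on service URLs, and the Base64 signing certificates, while ignoring certificates marked for encryption only. It also shows the Audience check the page says the application is expected to perform. The host names, the Base64 certificate contents and the constructed metadata and assertion are made up for the example, and treating the first listed signing certificate as the primary and the second as the secondary is an assumption about ordering.

```python
import base64
import xml.etree.ElementTree as ET

# XML namespaces used by SAML 2.0 metadata, assertions and XML signatures.
NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed placeholder certificates: valid Base64, but not real X.509 data.
PRIMARY_CERT_B64 = base64.b64encode(b"constructed primary signing cert").decode()
SECONDARY_CERT_B64 = base64.b64encode(b"constructed secondary signing cert").decode()
ENCRYPTION_CERT_B64 = base64.b64encode(b"constructed encryption cert").decode()

# Constructed sample IdP metadata; idp.example.test is a made-up host.
SAMPLE_IDP_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.test/saml2">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        {PRIMARY_CERT_B64}
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{SECONDARY_CERT_B64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{ENCRYPTION_CERT_B64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/saml2/sso/redirect"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.test/saml2/sso/post"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""

# Constructed sample assertion (unsigned, for the audience check only).
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="{NS['saml']}" ID="_constructed" Version="2.0"
    IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.test/saml2</saml:Issuer>
  <saml:Conditions>
    <saml:AudienceRestriction>
      <saml:Audience>https://app.example.test/saml2/sp</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>
"""


def parse_idp_metadata(xml_text: str) -> dict:
    """Extract the fields a manual SAML2 configuration asks for from IdP metadata.

    xml.etree is used for brevity; metadata fetched from a URL should be parsed
    with defusedxml (or equivalent) to guard against entity-expansion attacks.
    """
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("document is not a SAML 2.0 EntityDescriptor")
    entity_id = root.get("entityID")  # the IdP's own identifier (issuer)
    if not entity_id:
        raise ValueError("entityID attribute is missing")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor, so this metadata does not describe an IdP")

    # Collect only certificates usable for signing. A KeyDescriptor without a
    # 'use' attribute is valid for both purposes; one marked use="encryption"
    # must never be used to verify signatures.
    signing_certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use") not in (None, "signing"):
            continue
        for cert in kd.findall(".//ds:X509Certificate", NS):
            # Metadata often wraps the Base64 across lines: normalise to one line
            # and reject anything that is not valid Base64 instead of storing it.
            b64 = "".join((cert.text or "").split())
            base64.b64decode(b64, validate=True)
            signing_certs.append(b64)
    if not signing_certs:
        raise ValueError("no signing certificate found; SAML responses could not be verified")

    sso_urls = {svc.get("Binding"): svc.get("Location")
                for svc in idp.findall("md:SingleSignOnService", NS)}
    if not sso_urls:
        raise ValueError("no SingleSignOnService endpoint found")

    # Assumption: the first listed signing certificate is the primary one and the
    # second, if present, is the pre-staged secondary used for certificate rollover.
    return {
        "entity_id": entity_id,
        "sso_urls": sso_urls,
        "primary_signing_certificate": signing_certs[0],
        "secondary_signing_certificate": signing_certs[1] if len(signing_certs) > 1 else None,
    }


def audience_accepted(assertion_xml: str, application_entity_id: str) -> bool:
    """Check that every AudienceRestriction names the application's own Entity ID.

    Run this only after the assertion's signature has been verified with a
    certificate from parse_idp_metadata(); signature verification is not shown.
    """
    root = ET.fromstring(assertion_xml)
    restrictions = root.findall(".//saml:AudienceRestriction", NS)
    if not restrictions:
        return False  # refuse assertions that name no audience at all
    return all(
        application_entity_id in {a.text.strip() for a in r.findall("saml:Audience", NS) if a.text}
        for r in restrictions
    )


if __name__ == "__main__":
    config = parse_idp_metadata(SAMPLE_IDP_METADATA)
    print("IdP entity ID:", config["entity_id"])
    print("SSO URLs:", config["sso_urls"])
    print("Audience OK:", audience_accepted(SAMPLE_ASSERTION, "https://app.example.test/saml2/sp"))
```

Note that with dynamic configuration the metadata URL becomes the source of the signing certificates, so whatever serves that URL can decide which certificates are trusted; it should be an HTTPS endpoint under the IdP's control, and the secondary certificate slot exists precisely so a rollover can be staged without a window in which no trusted certificate is configured.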